CVE-2020-27339

MEDIUM

Insyde InsydeH2O 5.x < 5.34.44 - Memory Corruption via SMM Driver CommBuffer Validation

Title source: llm

Description

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).

References (4)

Core References
Vendor Advisory, x_refsource_misc: https://www.insyde.com/security-pledge/SA-2021001
Third Party Advisory, x_refsource_confirm: https://security.netapp.com/advisory/ntap-20220216-0005/
Third Party Advisory, x_refsource_confirm: https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Third Party Advisory, US Government Resource: https://www.kb.cert.org/vuls/id/796611

Scores

CVSS v3 6.7
EPSS 0.0006
EPSS Percentile 17.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-20
Status published
Products (17)
insyde/insydeh2o 5.3 - 5.34.44
siemens/ruggedcom_apr1808_firmware
siemens/simatic_field_pg_m5_firmware
siemens/simatic_field_pg_m6_firmware
siemens/simatic_ipc127e_firmware
siemens/simatic_ipc227g_firmware
siemens/simatic_ipc277g_firmware
siemens/simatic_ipc327g_firmware
siemens/simatic_ipc377g_firmware
siemens/simatic_ipc427e_firmware
... and 7 more
Published Jun 16, 2021
Tracked Since Feb 18, 2026